allentech.net

Parasite: IEDriver

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

IEDriver is a search bar hijacker, backdoor and adware, controlled by adsrve.com. It may also describe itself as ‘MaxSpeed’, ‘TurboDownload’ or ‘PopUpKiller’ (although what it does has nothing to do with these terms).

Also known as

Adware.TurboDownload, by Symantec anti-virus. App/IEDriver-A, by Sophos anti-virus.

Distribution

Bundled with URLBlaze and Grokster. Installed by the WildMedia parasite.

What it does

Advertising

Yes. Opens pop-up adverts when targeted sites are visited, or targeted words are seen inside a page URL.

The targets are stored in the file IEDriver.bin, trivially encoded. (At the time of writing, exclusive-orring with 255 was used to obfuscate this file.)
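For analysts inspecting a recovered IEDriver.bin, the following added example (not part of the original record or of Andrew Clover's detection script) undoes the XOR-255 masking and lists the strings inside. Because the mask is only described as current "at the time of writing", it goes one step further and recovers a changed single-byte key by scoring all 256 candidates. The newline-separated layout, the scoring alphabet and the sample entries are assumptions constructed for illustration.

```python
from __future__ import annotations
import re

# Assumed alphabet of decoded target entries (hostnames / URL keywords, one per line).
URL_BYTES = frozenset(b"abcdefghijklmnopqrstuvwxyz0123456789.-/_:\r\n")

def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR mask; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)

def score(data: bytes) -> float:
    """Fraction of bytes that look like part of a hostname or URL keyword."""
    return sum(b in URL_BYTES for b in data) / len(data) if data else 0.0

def recover_key(blob: bytes) -> int:
    """Try all 256 masks and return the one whose output looks most like URL text."""
    return max(range(256), key=lambda k: score(xor_bytes(blob, k)))

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Pull printable, non-space ASCII runs out of decoded data, like strings(1)."""
    pattern = rb"[\x21-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def decode_targets(blob: bytes, key: int = 0xFF) -> tuple[int, list[str]]:
    """Decode with the documented key; fall back to key recovery if output is not text."""
    if score(xor_bytes(blob, key)) < 0.9:
        key = recover_key(blob)
    return key, extract_strings(xor_bytes(blob, key))

# Constructed sample standing in for IEDriver.bin (not real target data).
SAMPLE_PLAIN = b"example.com\nshop.example.net\ntravel\nloans\n"
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, 0xFF)
SAMPLE_REKEYED = xor_bytes(SAMPLE_PLAIN, 0x5A)  # same data under a different mask

if __name__ == "__main__":
    for name, blob in (("xor 255", SAMPLE_BLOB), ("rekeyed", SAMPLE_REKEYED)):
        key, targets = decode_targets(blob)
        print(f"{name}: key=0x{key:02X} targets={targets}")
```

To use it on a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `decode_targets`.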

Privacy violation

When a pop-up target is matched, the controlling server ftp.adsrve.com is contacted, with what appears to be a unique ID. This would allow site usage to be tracked across the web.

Security issues

Yes. Includes an updater process which may download and run arbitrary unsigned code from its controlling server. This has been used in the past to install more third-party parasites such as Transponder/BI, FlashTrack and Promulgate.

Stability problems

None known.

Removal

Look for TurboDownload or IEDriver in the Add/Remove Programs function of the Windows Control Panel. This entry should remove IEDriver.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry ‘IEDriver’ pointing to ‘iedriver.exe’.

Restart the computer and you should be able to delete the ‘IEDriver’ folder from the System folder, which is inside the Windows folder, and is called ‘System32’ on Windows NT/2000/XP. (IEDriver is hidden, so if you cannot see it, turn on ‘Show hidden files and folders’ on the View tab of Tools->Folder Options.)

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, coming November 2005!
